[PATCH] BROKEN_STRNDUP and BROKEN_STRNLEN and AIX

Alexander Bokovoy ab at samba.org
Wed May 22 02:18:58 MDT 2013


Hi,


On Wed, May 22, 2013 at 11:11 AM, Andrew Bartlett <abartlet at samba.org> wrote:

> On Wed, 2013-05-22 at 11:05 +0300, Alexander Bokovoy wrote:
> > Hi,
> >
> >
> > On Wed, May 22, 2013 at 10:39 AM, Andrew Bartlett <abartlet at samba.org>
> > wrote:
> >         Simo and Christian,
> >
> >         I'm wondering if either of you know more about the allegation
> >         that
> >         strndup and strnlen are broken on AIX?
> >
> >         This is one of the very few outstanding config.h differences
> >         I'm tracking in
> >         https://bugzilla.samba.org/show_bug.cgi?id=8969
> >
> >         It appears to be forced on for all AIX hosts:
> >
> >         commit 804cfb20a067b4b687089dc72a8271b3abf20f31
> >         Author: Simo Sorce <idra at samba.org>
> >         Date:   Wed Aug 25 14:24:16 2004 +0000
> >
> >             r2070: Let's try to overload strnlen and strndup for AIX
> >         where they are natly broken.
> >             (This used to be commit
> >         98feb3318f54bb48ce56fc8f4721fec4967b9dd9)
> >
> >         diff --git a/source3/configure.in b/source3/configure.in
> >         index d35e89c..4329665 100644
> >         --- a/source3/configure.in
> >         +++ b/source3/configure.in
> >         @@ -1206,6 +1206,8 @@ if test "$enable_shared" = "yes"; then
> >                                 fi
> >
> >
> >         AC_DEFINE(STAT_ST_BLOCKSIZE,DEV_BSIZE,[The size of a block])
> >         +                       AC_DEFINE(BROKEN_STRNLEN,1,[Does
> >         strnlen work correctly])
> >         +                       AC_DEFINE(BROKEN_STRNDUP,1,[Does
> >         strndup work correctly])
> >                                 ;;
> >                         *hpux*) AC_DEFINE(HPUX,1,[Whether the host os
> >         is HPUX])
> >                                 SHLIBEXT="sl"
> >
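Review bot: the description strings on the two added AC_DEFINE lines say the opposite of what the macro names mean: BROKEN_STRNLEN and BROKEN_STRNDUP are set to 1 with the text "Does strnlen work correctly" / "Does strndup work correctly", so the generated config.h comment will contradict the define. Reword them to something like "Whether strnlen is broken". Both defines are also unconditional inside this host case branch, with no comment saying what the defect is or which OS releases have it; a short comment naming the failure, or a configure-time check in place of the hard-coded 1, would let the override be dropped on releases where the functions work.
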
> >         Before I simply do the same in waf (probably in libreplace),
> >         do either
> >         of you know more of the background here, such as does this
> >         apply to all
> >         AIX versions, or is it possible to test for it less bluntly?
> > This discussion (which refers to our bug #1097) clarifies the issue:
> >
> http://stackoverflow.com/questions/2091460/strndup-call-is-currupting-stack-frames
> >
> >
> > strndup() is broken at least on AIX 6.1:
> > ".. Tracing through the instructions in strndup, it appears that it
> > mallocs a buffer that is just large enough to handle the string in s
> > plus a NULL terminator. However, it will always copy n characters to
> > the new buffer, padding with zeros if necessary, causing a buffer
> > overflow if strlen(s) < n."
>
> The revised attached patch tries to put some of this background into the
> code.
>
I wonder if we could simply run the reproducer and if that fails outlaw
strndup()?
The reproducer is available in this answer:
http://stackoverflow.com/a/12080251
Running it would preclude cross-compiling to AIX but that is not something
we could do now anyway.

-- 
/ Alexander Bokovoy
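
A bounded strnlen/strndup pair of the kind a BROKEN_STRNLEN / BROKEN_STRNDUP override would switch in, as an added example (not Samba's code and not part of this message); demo_strnlen, demo_strndup and demo_selfcheck are hypothetical names. The allocation size and the copy length come from the same bounded value, so the strlen(s) < n case quoted above cannot write past the buffer.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical replacement: never reads past s[max - 1]. */
size_t demo_strnlen(const char *s, size_t max)
{
    size_t len = 0;
    while (len < max && s[len] != '\0')
        len++;
    return len;
}

/* Hypothetical replacement: allocates min(strlen(s), n) + 1 bytes and
 * writes exactly that many, instead of always copying n bytes. */
char *demo_strndup(const char *s, size_t n)
{
    size_t len = demo_strnlen(s, n);
    char *ret = malloc(len + 1);
    if (ret == NULL)
        return NULL;
    memcpy(ret, s, len);
    ret[len] = '\0';
    return ret;
}

/* Returns 0 when all constructed cases behave as expected. */
int demo_selfcheck(void)
{
    const char raw[4] = { 'a', 'b', 'c', 'd' };  /* constructed: no NUL */
    char *shortdup = demo_strndup("abc", 64);    /* strlen(s) < n */
    char *cut = demo_strndup("abcdef", 2);       /* n < strlen(s) */
    char *unterminated = demo_strndup(raw, sizeof(raw));
    int ok = shortdup && cut && unterminated
        && strcmp(shortdup, "abc") == 0
        && strcmp(cut, "ab") == 0
        && strcmp(unterminated, "abcd") == 0
        && demo_strnlen(raw, sizeof(raw)) == 4;
    free(shortdup);
    free(cut);
    free(unterminated);
    return ok ? 0 : 1;
}

int main(void)
{
    return demo_selfcheck();
}
```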


More information about the samba-technical mailing list